SMBs Tumble Down the Cybersecurity Skills Gap

By Pedro Hernandez | Posted July 12, 2016

When it comes to protecting against today's hacks and malware, the cards are decidedly stacked against small businesses.

"There are more cyber-threats out there in the world than ever before," said Peter Tsai, an IT analyst at Spiceworks, best known for its network monitoring software and professional IT community, in a recent interview with Small Business Computing. Insidious ransomware encrypts a victim's files, locking them up until the small business owner pays the attacker to decrypt them. Phishing schemes have gone from laughably bad, error-riddled spam to targeted and convincing emails that appear to come from bosses, colleagues, and other seemingly trusted sources.

And that's just scratching the surface. In terms of security standards, "Internet of Things (IoT) devices are all over the map," warned Tsai. Increasingly, workers are blending personal and business data on smartphones, tablets and other BYOD devices, posing a challenge for organizations that want to keep a lid on sensitive information.

"Companies have struggled to keep up with these threats," said Tsai. "There's a lot of things they have to do to secure their environment."

It takes a committed security specialist to adapt to the latest tactics employed by hackers and malware coders.

"Security is always a moving target," said Tsai. That reality typically requires organizations to hire a "dedicated professional to keep up with the latest threats." Sadly, many organizations, especially small businesses, lack the skills and expertise required to keep cybersecurity threats at bay.

Small business security: email fraud

Recently, Spiceworks surveyed 600 IT professionals in the U.S. and U.K. to scope out the security landscape and the results were eye-opening. The company found that less than a third of organizations (29 percent) have a security professional on staff in their IT departments. Digging deeper, Spiceworks discovered that the news is even worse for smaller organizations.

Small Business Security Experts More Rare Than Some Pokémon

Among IT pros in small businesses with fewer than 500 employees, 59 percent said that they don't employ or outsource a security expert.

Among the minority of companies that have a security staffer, 26 percent toil away in their IT departments, 6 percent on the executive team, and 4 percent in another department. Twenty-one percent of respondents say that they have a third-party security expert on call.

In a perfect world, 100 percent of smaller organizations would have cybersecurity expertise on hand. In the real world, just getting a small business off the ground—and keeping it there—leaves little room for practically anything else. "A lot of people are strapped for time, especially if they have an IT department of one," said Tsai.

Thus, hiring or contracting with a security expert is a non-starter. Only 9 percent of organizations plan to add cybersecurity experts to their IT departments within the next 12 months. Thirteen percent hope to sign up a third-party security expert within the same timeframe.

Security Certifications Even More Rare

The debate over whether IT certifications "are indicative of actual knowledge" continues to rage, said Tsai, but many organizations still rely on them as documented evidence of an employee's technical know-how. Again, Spiceworks' findings paint a bleak picture.

"When we polled more than 1,000 IT pros about their cybersecurity credentials, 67 percent of [them] told us they do not have any security certifications," wrote Tsai in his report. "The most common certification held by IT pros is the basic CompTIA Security+, which 17 percent of respondents had earned, many saying that the designation is beneficial for getting your foot in the door for job interviews."

The highly-regarded Certified Information Systems Security Professional (CISSP) seal of approval placed a distant second at 2 percent. Certified Ethical Hacker (CEH) came in third with a mere 1 percent.

Pedro Hernandez is a contributing editor at Small Business Computing. Follow him on Twitter @ecoINSITE.
